Virtually Hacking: Hacking the Virtual Computer » (1ST)

Examining computer security from the hacker's perspective, Practical Hacking Techniques and Countermeasures employs virtual computers to illustrate how an attack is executed, including the script, compilation, and results. It provides detailed screen shots in each lab for the reader to follow along in a step-by-step process in order to duplicate and understand how the attack works. It enables experimenting with hacking techniques without fear of corrupting computers or violating any laws.

Written in a lab manual style, the book begins with the installation of the VMware® Workstation product and guides the users through detailed hacking labs enabling them to experience what a hacker actually does during an attack. It covers social engineering techniques, footprinting techniques, and scanning tools. Later chapters examine spoofing techniques, sniffing techniques, password cracking, and attack tools. Identifying wireless attacks, the book also explores Trojans, Man-in-the-Middle (MTM) attacks, and Denial of Service (DoS) attacks.

Learn how to secure your computers with this comprehensive guide on hacking techniques and countermeasures

By understanding how an attack occurs the reader can better understand how to defend against it. This book shows how an attack is conceptualized, formulated, and performed. It offers valuable information for constructing a system to defend against attacks and provides a better understanding of securing your own computer or corporate network.

Preparation     1
Installing VMware Workstation     3
Configuring Virtual Machines     10
Installing a Virtual Windows 2000 Workstation     11
Installing VMware Tools for Windows 2000 Virtual Machines     29
Installing a Red Hat Version 8 Virtual Machine     35
Installing VMware Tools for Red Hat Virtual Machines     55
What Is on the CD?     60
Restrict Anonymous     60
To Restrict Anonymous     60
In Windows NT     60
For Windows XP, 2003     60
For Windows 2000     61
What Is the Difference?     61
Banner Identification     63
Banner Identification     65
Banner Identification     67
Banner Identification     73
Operating System Identification: Detect Operating System of Target: Xprobe2     75
Banner Identification     79
Banner Identification     84
Personal Social Engineering: Social Engineering Techniques: Dumpster Diving/Personnel     86
Target Enumeration     87
Establish a NULL Session: Establish a NULL Session: NULL Session     89
Enumerate Target MAC Address: Enumerate MAC Address and Total NICs: GETMAC     90
Enumerate SID from User ID: Enumerate the SID from the Username: USER2SID     91
Enumerate User ID from SID: Enumerate the Username from the Known SID: SID2USER     93
Enumerate User Information: Enumerate User Information from Target: USERDUMP     96
Enumerate User Information: Exploit Data from Target Computer: USERINFO     97
Enumerate User Information: Exploit User Information from Target: DUMPSEC     98
Host/Domain Enumeration: Enumerate Hosts and Domains of LAN: Net Commands     102
Target Connectivity/Route: Detect Target Connectivity: PingG     105
Target Connectivity/Route: Connectivity/Routing Test: Pathping     107
Operating System Identification: Identify Target Operating System: Nmap/nmapFE     109
Operating System Identification: Identify Target Operating System: NmapNT     117
IP/Hostname Enumeration: Enumerate IP or Hostname: Nslookup     123
IP/Hostname Enumeration: Enumerate IP or Hostname: Nmblookup     124
RPC Reporting: Report the RPC of Target: Rpcinfo     125
Location/Registrant Identification: Gather Registration Info/Trace Visual Route: Visual Route     126
Registrant Identification: Gather IP or Hostname: Sam Spade     128
Operating System Identification: Gather OS Runtime and Registered IPs: Netcraft      131
Operating System Identification: Scan Open Ports of Target: Sprint     133
Default Shares: Disable Default Shares: Windows Operating System     135
Host Enumeration: Scan Open Ports of Target: WinFingerprint     139
Scanning     145
Target Scan/Share Enumeration: Scan Open Ports of Target: Angry IP     147
Target Scan/Penetration: Scan Open Ports/Penetration Testing: LANguard     151
Target Scan through Firewall: Scan Open Ports of Target: Fscan     153
Passive Network Discovery: Passively Identify Target Information on the LAN: Passifist     154
Network Discovery: Identify Target Information: LanSpy     158
Open Ports/Services: Scan Open Ports/Services of Target: Netcat     161
Port Scan/Service Identification: Scan Open Ports of Target: SuperScan     163
Port Scanner: Identify Ports Open: Strobe     166
Anonymous FTP Locator: Locate Anonymous FTP Servers: FTPScanner     169
CGI Vulnerability Scanner: Identify CGI Vulnerabilities: TCS CGI Scanner     171
Shared Resources Locator: Identify Open Shared Resources: Hydra     178
Locate Wingate Proxy Servers: Locate Wingate Proxy Servers: WGateScan/ADM Gates     187
Sniffing Traffic     193
Packet Capture - Sniffer: Exploit Data from Network Traffic: Ethereal      195
To Install Ethereal on a Red Hat Linux Computer     196
To Install Ethereal on Microsoft Windows     206
Packet Capture - Sniffer: Exploit Data from Network Traffic: Ngrep     213
For Linux     213
For Windows     219
Packet Capture - Sniffer: Exploit Data from Network Traffic: TcpDump     223
Packet Capture - Sniffer: Exploit Data from Network Traffic: WinDump     230
Packet Capture - Sniffer: Monitor IP Network Traffic Flow: IPDump2     234
For Linux     234
For Windows     237
Password Capture - Sniffer: Exploit Passwords and Sniff the Network: ZxSniffer     240
Exploit Data from Target Computer - Sniffit     249
Spoofing     261
Spoofing IP Addresses: Send Packets via False IP Address: RafaleX     263
Spoofing MAC Addresses: Send Packets via a False MAC Address: SMAC     268
Spoofing MAC Addresses: Send Packets: via a False MAC Address: Linux     277
Packet Injection/Capture/Trace: Send Packets via a False IP/MAC Address: Packit     284
Spoof MAC Address: Altering the MAC Address: VMware Workstation     295
Brute Force     299
Brute-Force FTP Server: Crack an FTP Password: NETWOX/NETWAG     301
Retrieve Password Hashes: Extract Password Hashes: FGDump     309
Crack Password Hashes: Crack and Capture Password Hashes: LC5     313
Overwrite Administrator Password: Change the Administrator Password: CHNTPW     325
Brute-Force Passwords: Brute-Force Passwords for a Hashed File: John the Ripper     337
Brute-Force FTP Password: Brute-Force an FTP Password Connection: BruteFTP     346
Brute-Force Terminal Server: Brute-Force Terminal Server Passwords: TSGrinder II     354
Vulnerability Scanning     357
Vulnerability Scanner: Perform Vulnerability Assessment: SAINT     359
SNMP Walk: Exploit Data via SNMP Walk: NETWOX/NETWAG     379
Brute-Force Community Strings: Exploit the SNMP Community Strings: Solar Winds     386
Target Assessment: Assessment of Target Security: Retina     392
Target Assessment: Assessment of Target Security: X-Scan     397
Vulnerability Scanner: Perform Vulnerability Assessment: SARA     402
Web Server Target Assessment: Assessment of Web Server Security: N-Stealth     414
Vulnerability Scanner: Exploit Data from Target Computer: Pluto     421
Vulnerability Assessment: Perform Vulnerability Assessment: Metasploit     429
On Windows     429
On Linux     441
Web Server Target Assessment: Assessment of Web Server Security: Nikto     451
Vulnerability Scanner: Assessment of Target Security: Shadow Scanner     455
Internet Vulnerability Scanner: Assessment of Target Security: Cerberus     468
WHAX - Auto Exploit Reverse Shell: Automatically Exploit the Target: AutoScan     474
Unique Fake Lock Screen XP: Grab the Administrator Password: Fake Lock Screen XP     491
Bypassing Microsoft Serial Numbers: Bypassing Serial Number Protection: RockXP/Custom Script     499
Vulnerability Exploit: Assessment of Target Security: Web Hack Control Center     507
Wireless     511
Locate Unsecured Wireless: Locate Unsecured Wireless: NetStumbler/Mini-Stumbler     513
Trojan: Unauthorized Access and Control: Back Orifice     519
On the Target Computer     519
On the Attacker's Computer     528
Trojan: Unauthorized Access and Control: NetBus     534
On the Target (Server)     534
On the Attacker's Computer     540
ICMP Tunnel Backdoor: Bidirectional Spoofed ICMP Tunnel: Sneaky-Sneaky     545
On the Target (Server)     545
On the Attacker's Machine     548
Hiding Tools on the Target: Hiding Files on the Target: CP     553
Scenario: Hiding Netcat inside the Calculator Application      553
To Verify     555
Capturing Switched Network Traffic: Intercept/Exploit Traffic: Ettercap     556
Password Capture: Capture Passwords Traversing the Network: Dsniff     573
Data Manipulation: Manipulate the Live Data Stream: Achilles     574
Covert Reverse Telnet Session: Create a Reverse Telnet Session: Netcat     588
Covert Channel - Reverse Shell: Exploit Data from Target Computer: Reverse Shell     596
Redirection     603
PortMapper: Traffic Redirection: PortMapper     605
Executing Applications - Elitewrap: Executing Hidden Applications: Elitewrap     618
TCP Relay - Bypass Firewalls: Traffic Redirection: Fpipe     627
Remote Execution: Remote Execution on Target: PsExec     633
TCP Relay - Bypass Firewalls: Traffic Redirection: NETWOX/NETWAG     638
Denial-of-Service (DoS)     643
Denial-of-Service - Land Attack: DoS Land Attack: Land Attack     645
Denial-of-Service - Smurf Attack: DoS Smurf Attack: Smurf Attack     650
Denial-of-Service - SYN Attack: DoS Land Attack: SYN Attack     655
Denial-of-Service - UDP Flood: DoS UDP Flood Attack: UDP flood Attack     660
Denial-of-Service - Trash2.c: Create Denial-of-Service Traffic: Trash2.c     665
References      671
Tool Syntax     675
Index     725